An issue has been discovered in GitLab affecting all versions starting with 3.0.1. Improper access control allows demoted project members to access details on authored merge requests
References
Link | Resource |
---|---|
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22176.json | Vendor Advisory |
https://gitlab.com/gitlab-org/gitlab/-/issues/243491 | Vendor Advisory |
https://hackerone.com/reports/962604 | Issue Tracking Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitLab
Published: 2021-03-24T16:46:05
Updated: 2021-03-24T16:46:05
Reserved: 2021-01-05T00:00:00
Link: CVE-2021-22176
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-03-24T17:15:13.727
Modified: 2021-03-26T16:46:36.057
Link: CVE-2021-22176
JSON object: View
Redhat Information
No data.
CWE